03-24-2021 05:47 PM
HI,
We are looking to integrate our Cisco anyconnect with Microsoft MFA for secondary authentication with primary authentication being on-premises AD, we are as of now integrated it with DUO MFA for secondary authentication and want to migrate that to Microsoft MFA, however cannot see the document for the same anywhere can we configure this without NPS extension just using on-premises AD
Solved! Go to Solution.
03-26-2021 07:11 AM
AnyConnect, acting as the VPN client to a headend ASA or FTD device, cannot currently authenticate directly with Microsoft MFA, either as primary or secondary authentication. It can authenticate via SAML to Azure AD and then Azure can be set to use Microsoft MFA. Similarly it can use the NPS extension as you alluded to.
03-26-2021 07:11 AM
AnyConnect, acting as the VPN client to a headend ASA or FTD device, cannot currently authenticate directly with Microsoft MFA, either as primary or secondary authentication. It can authenticate via SAML to Azure AD and then Azure can be set to use Microsoft MFA. Similarly it can use the NPS extension as you alluded to.
03-26-2021 07:43 AM
Thank you Marvin for the reply.
10-12-2023 07:41 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide